Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. The technique was first observed by security ...
Malware that passes itself off as a WordPress SEO plugin has been infecting sites and opening a backdoor for hackers on thousands of sites. Malware masquerading itself as an SEO plugin called ...
Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than ...
Ally was carrying an SQL injection flaw that allowed data exfiltration.
A very persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets that installed backdoors on possibly 200,000 websites since June 21. The hacker used the open-source ...
WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...
A dangerous malware variant disguised as a legitimate WordPress plugin has been uncovered by security researchers. The malware, named “WP-antymalwary-bot.php,” gives attackers persistent access to ...
A new study from Georgia Institute of Technology researchers has found malicious plugins installed on some 25,000 WordPress websites. The researchers analyzed backups from over 400,000 web servers and ...
A new type of malicious plugin has been spotted in the wild with the capability of targeting individual blog posts. A malicious WordPress plugin ironically called WP Security has been spotted in the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results